ACPICA: Fix for possible memory leak and fault.
authorFiodor Suietov <fiodor.f.suietov@intel.com>
Fri, 2 Feb 2007 16:48:21 +0000 (19:48 +0300)
committerLen Brown <len.brown@intel.com>
Sat, 3 Feb 2007 02:14:26 +0000 (21:14 -0500)
Fixed a possible memory leak and fault in acpi_ex_resolve_object_to_value()
during a read from a buffer or region field. (BZ 458)

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Alexey Starikovskiy <alexey.y.starikovskiy@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
drivers/acpi/executer/exresolv.c

index 6499de8780173f44e19a41ef7bf2ac9fb30d9531..fa17f550972b07adc40ef2c8590d68ec23baf9b3 100644 (file)
@@ -141,7 +141,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
        acpi_status status = AE_OK;
        union acpi_operand_object *stack_desc;
        void *temp_node;
-       union acpi_operand_object *obj_desc;
+       union acpi_operand_object *obj_desc = NULL;
        u16 opcode;
 
        ACPI_FUNCTION_TRACE(ex_resolve_object_to_value);
@@ -299,8 +299,6 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
                status = acpi_ds_get_package_arguments(stack_desc);
                break;
 
-               /* These cases may never happen here, but just in case.. */
-
        case ACPI_TYPE_BUFFER_FIELD:
        case ACPI_TYPE_LOCAL_REGION_FIELD:
        case ACPI_TYPE_LOCAL_BANK_FIELD:
@@ -314,6 +312,10 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
                status =
                    acpi_ex_read_data_from_field(walk_state, stack_desc,
                                                 &obj_desc);
+
+               /* Remove a reference to the original operand, then override */
+
+               acpi_ut_remove_reference(*stack_ptr);
                *stack_ptr = (void *)obj_desc;
                break;